
HJT LOG - cotton83



#1 cotton83


Posted 14 July 2005 - 01:12 AM

Logfile of HijackThis v1.99.1
Scan saved at 12:08:43 AM, on 14/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Privacy Guardian\shredder.exe
C:\Documents and Settings\adam's domaim\My Documents\adam\stuff\New Folder\HijackThis\HijackThis.exe
D:\Programs Files\Diablo II\Game.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.megatokyo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.megatokyo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Class - {1C72FEB7-4D6C-FAF3-195A-D51516EDCC77} - C:\WINDOWS\apiko32.dll (file missing)
O2 - BHO: Class - {7CF63507-F787-DEDD-FF68-BDC0D8517426} - C:\WINDOWS\wincb32.dll (file missing)
O2 - BHO: Class - {935D29CB-14A9-92E2-1A43-61FA68E60B26} - C:\WINDOWS\winrs32.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: Class - {DEF26277-13F0-6032-7E44-55ABCC2FA3BF} - C:\WINDOWS\system32\ieak32.dll (file missing)
O2 - BHO: Class - {EB9C0909-10FC-905B-3888-30E340436B10} - C:\WINDOWS\apiif32.dll (file missing)
O2 - BHO: Class - {F9A5B906-BB1D-3F82-4F5F-40683B5388DB} - C:\WINDOWS\crjf.dll (file missing)
O2 - BHO: Class - {FD01007A-4D24-4533-3C3C-54EB3DCE94D5} - C:\WINDOWS\system32\added32.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [0000 - C:\Documents and Settings\default\Start Menu\Programs\HP DeskJet 930C Series v2.3] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\default\Start Menu\Programs\HP DeskJet 930C Series v2.3"
O4 - HKLM\..\RunOnce: [0003 - C:\Documents and Settings\default\Start Menu\Programs\HP Internet Connection Center] C:\WINDOWS\command.com /c rmdir "C:\Documents and Settings\default\Start Menu\Programs\HP Internet Connection Center"
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\Program Files\iolo\System Mechanic 4 Professional\PopupStopper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [System Mechanic Registry Compact Handler] "C:\Program Files\iolo\System Mechanic 4 Professional\SysMech4.exe" /PERSISTREGCOMPACT
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - User Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Win32 Classes -
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.8.cab
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamps.com/download/us/regis...34/sdcregie.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1119993038207
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe



#2 Omerr


Posted 14 July 2005 - 06:20 AM

Hello and welcome to BleepingComputer.

I am currently reviewing your log. Please understand that in order to give you the best answer to your problem, I must dedicate time and thought to your log, so please be patient with me.

I will come back to you with an answer as soon as possible.

Omer.

#3 Omerr


Posted 14 July 2005 - 06:32 AM

Hello and welcome to Bleeping Computer.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Go to My Computer > Tools > Folder Options > View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option. Please do NOT change any of those settings until we finish the fixing process.

Reboot your system in Safe Mode (by repeatedly tapping the F8 key until the menu appears).

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:

Viewpoint Manager


Open HijackThis and click on Scan. Check the following entries (make sure you do not miss any):

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {1C72FEB7-4D6C-FAF3-195A-D51516EDCC77} - C:\WINDOWS\apiko32.dll (file missing)
O2 - BHO: Class - {7CF63507-F787-DEDD-FF68-BDC0D8517426} - C:\WINDOWS\wincb32.dll (file missing)
O2 - BHO: Class - {935D29CB-14A9-92E2-1A43-61FA68E60B26} - C:\WINDOWS\winrs32.dll (file missing)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O2 - BHO: Class - {DEF26277-13F0-6032-7E44-55ABCC2FA3BF} - C:\WINDOWS\system32\ieak32.dll (file missing)
O2 - BHO: Class - {EB9C0909-10FC-905B-3888-30E340436B10} - C:\WINDOWS\apiif32.dll (file missing)
O2 - BHO: Class - {F9A5B906-BB1D-3F82-4F5F-40683B5388DB} - C:\WINDOWS\crjf.dll (file missing)
O2 - BHO: Class - {FD01007A-4D24-4533-3C3C-54EB3DCE94D5} - C:\WINDOWS\system32\added32.dll (file missing)
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O16 - DPF: Win32 Classes -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -


Please remember to close all other windows, including browsers then click Fix checked.

Delete the following Folders indicated in BLUE if they still exist:

C:\Program Files\Viewpoint


Delete the following Files indicated in RED if they still exist:

C:\WINDOWS\apiko32.dll
C:\WINDOWS\wincb32.dll
C:\WINDOWS\winrs32.dll
C:\WINDOWS\system32\ieak32.dll
C:\WINDOWS\apiif32.dll
C:\WINDOWS\crjf.dll
C:\WINDOWS\system32\added32.dll


Reboot your system in Normal Mode.

Please use Panda ActiveScan at http://www.pandasoftware.com/products/activescan. Give us the scan’s log.

You don't seem to have a firewall program installed. Using a firewall will allow you to give/deny access for applications that want to go online. Please download a free one at ZoneAlarm http://www.zonelabs.com.

Please scan again with HijackThis to get a new log.
Get HijackThis Analyzer and save it to the same folder as the hijackthis.log file. Run HijackThis Analyzer and type in 'y' if you agree. The 'result.txt' file will open up in Notepad. Copy the whole result.txt log and post it in the forum. You don't need to post the original hijackthis.log (unless we ask for it). Do not fix anything in HijackThis since they may be harmless.

Now give us a new HijackThis Analyzer log, along with Panda ActiveScan’s log, so we can make sure your system is clean.
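Most entries in the checklist above are orphans: an R0 with an empty value, an O2 whose DLL is reported missing, or an O16 with no download source. The following is an added example, not part of the original post and not the helper's stated method, that picks such lines out of a HijackThis log for review. The function name and the three rules are assumptions drawn from the visible log lines; the sample is a constructed excerpt of the log in post #1.

```python
import re

# Constructed sample: a subset of lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.megatokyo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Class - {1C72FEB7-4D6C-FAF3-195A-D51516EDCC77} - C:\WINDOWS\apiko32.dll (file missing)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O16 - DPF: Win32 Classes -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
"""

# "R0 - ..." / "O16 - ..." : section code, then the entry body.
ENTRY = re.compile(r"^(R\d|O\d+) - (.+)$")

def orphaned_entries(log_text):
    """Return (section, reason, line) for entries that point at nothing."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process path or blank line
        section, body = m.groups()
        reason = None
        if section in ("R0", "R1"):
            # Split at the first " =" so a URL that itself ends in "=" is not misread.
            _, sep, value = body.partition(" =")
            if sep and not value.strip():
                reason = "empty value"
        elif section == "O2" and body.endswith(("(file missing)", "(no file)")):
            reason = "BHO registered, DLL absent"
        elif section == "O16" and body.endswith(" -"):
            reason = "no download source"
        if reason:
            findings.append((section, reason, line))
    return findings

if __name__ == "__main__":
    for section, reason, line in orphaned_entries(SAMPLE_LOG):
        print(f"{section:<4}{reason:<28}{line}")
```

A hit is a prompt to review the entry, not a verdict; the R3 and O8 lines in the checklist fall outside these three rules.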